Storebrand Insurance Products
SecOps have made a web app to show how to query information in a safe way! Nothing can go wrong when input is redirected into the browser, right..?
Better SecOps page
Secure Page
Security Comparison Overview
| Security Feature | /secure | /secops_search_better |
|---|---|---|
| CORS Policy | ✅ Restricted | ✅ Restricted |
| Security Headers Present? (Blocking external scripts) | ✅ Yes | ✅ Yes |
| CSP: Strong Policy? | ✅ 'self' only | ✅ 'self' only |
| Inline Scripts Allowed? | ✅ No | ❌ Yes |
| Script Execution Possible? | ✅ No | ❌ Yes |
| Input Sanitized or Escaped? | ✅ Yes | ❌ No |
| Reflects User Input? | ✅ Yes (escaped) | ❌ Yes (raw) |
| Overall Security Risk | 🟢 Minimal | 🟠 High |
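
The two profiles in the table, side by side, as an added example (not the application's own code): `renderBetter`, `renderSecure` and `audit` are hypothetical names, and the header strings are assumptions chosen to match the table rows. `audit` derives the "Reflects User Input?" and "Script Execution Possible?" rows from a response.

```javascript
// Added example. Handler names and header values are assumptions modelled on
// the comparison table; they are not the application's actual code.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// /secops_search_better per the table: raw reflection, inline scripts allowed.
function renderBetter(query) {
  return {
    headers: { "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'" },
    body: `<p>Results for: ${query}</p>`,
  };
}

// /secure per the table: escaped reflection, 'self' only, no inline scripts.
function renderSecure(query) {
  return {
    headers: { "Content-Security-Policy": "default-src 'self'; script-src 'self'" },
    body: `<p>Results for: ${escapeHtml(query)}</p>`,
  };
}

// Review/CI check: is the probe reflected unescaped, and would the CSP let an
// inline script run? Simplification: nonces and hashes are not considered.
function audit(response, probe) {
  const csp = response.headers["Content-Security-Policy"] || "";
  const directives = csp.split(";").map((d) => d.trim().split(/\s+/)).filter((d) => d[0]);
  // script-src falls back to default-src; with neither, inline script is unrestricted.
  const effective = directives.find((d) => d[0] === "script-src") ||
                    directives.find((d) => d[0] === "default-src");
  const inlineAllowed = !effective || effective.includes("'unsafe-inline'");
  const reflectsRaw = response.body.includes(probe);
  return { reflectsRaw, inlineAllowed, scriptExecutionPossible: reflectsRaw && inlineAllowed };
}

const PROBE = "<script>probe()</script>"; // constructed test input
console.log("/secops_search_better", audit(renderBetter(PROBE), PROBE));
console.log("/secure", audit(renderSecure(PROBE), PROBE));
```

Either control alone breaks the chain in this model: escaping removes the raw reflection, and dropping `'unsafe-inline'` stops a reflected inline script from running.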